{"id":871,"date":"2013-07-05T13:44:00","date_gmt":"2013-07-05T13:44:00","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=871"},"modified":"2020-02-26T10:40:51","modified_gmt":"2020-02-26T15:40:51","slug":"protection-from-banking-phishers","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/protection-from-banking-phishers\/871\/","title":{"rendered":"Protection from banking “phishers”"},"content":{"rendered":"

You do not often read \u201crepentance\u201d articles in the media when authors describe as they did something evidently stupid and paid for it. Last year one such piece was published<\/a> in the British online magazine \u201cWhich?\u201d by Consumer Rights Editor Amanda Diamond. She happened to fall foul of a phishing email and lost a certain sum of money. A small one but not worthless, to be sure.<\/p>\n

Once Diamond tried to log in to her online bank account a few times and entered the wrong password and PIN. When she checked her email she found a letter from her bank entitled: \u2018Your account has been put on restricted status\u2019. When she opened the email it went on to say that her online access had been \u2018temporarily suspended\u2019 and that this was due to \u2018a number of incorrect log in attempts\u2019.<\/p>\n

\u201cAs this happened to be true, I clicked on the link without thinking and began entering my online password and PIN. But then the alarm bells rang and before I\u2019d entered all my details I promptly ceased what I was doing and closed down the page. But, it was too late\u201d, \u2013 Amanda Diamond wrote. She said that evening the fraudsters had called the bank pretending to be her, reported the stolen credit card and requested emergency cash. The bank proceeded to give the scammers a PIN they could use in a cash machine. Thus she lost 240 pounds.<\/p>\n

\u201c\u2026And I know that when entering my personal details online I should make sure the site is secure (by checking it\u2019s got a padlock sign in front of the web address)\u201d, \u2013 Diamond wrote. Sure.<\/p>\n

Phishing \u2013 is a far from new but still very effective method of online fraud, which affects both ordinary users (even not so ordinary like Amanda Diamond) and large companies. Diamond is now in the process of appealing and expects to have the money fully refunded. Most likely she will succeed.<\/p>\n

Here\u2019s another story: \u201cMy YouTube account with 5,000 subscribers, my backup YouTube account, and my newest one were all hacked. He also hacked my PayPal account and stole my money. What can\/should I do? Call the police? Call his ISP? I have his IP address and location\u201d, \u2013 wrote<\/a> some anonymous on Yahoo! Answers.<\/p>\n

Now a counter-question arises: how could it happen? There are just two answers for that. The first variant is the work of some upscale professional who really tried his best (or he was paid for it by some enemies). This version should never be fully excluded. But there is another, much more credible and simple answer: the victim had used the same password for all his or her accounts, including PayPal. And if it was that, then he or she got an \u201cF\u201d for failing to comply with the basic web safety rules.<\/p>\n

One of five phishing attacks registered since May 2012 till late April 2013 was targeted at banks and other financial institutions. These are the results of our study<\/a> of the evolution of phishing threats, based on the data from Kaspersky Security Network<\/a> cloud service. 20.64% of all phishing attacks recorded within the year ending in April 2013 were aimed at the sites of banks and other financial institutions around the world.<\/p>\n

These data are indirectly confirmed by banks. According to the global survey that was conducted last spring by an authoritative analytical agency B2B International in cooperation with Kaspersky Lab, about 37% of the banks were subject to phishing attacks at least once in the last 12 months. There\u2019s no way to guess how many bank clients were subject to such attacks.<\/p>\n

Scammers\u2019 interest in banking and e-commerce is natural: an attacker can make money just by selling personal information of phishing attacks\u2019 victims. At the same time a successful phishing attack with the use of fake pages of online banking systems or popular online stores, as a rule, immediately pays an attacker.<\/p>\n

It is quite possible to secure oneself from phishing. But there are too many different factors to be kept in mind. Firstly, by no means try using computers in public places (libraries, schools, restaurants, and internet cafes) to connect to any financial services or online shops. Nothing can guarantee the absence of even banal keyloggers on public devices.<\/p>\n

In fact, it is not safe to use public WiFi. This is an example<\/a>, describing the seemingly fantastic but true situation when a hacker (in that case rather a network security expert carrying out an experiment for journalists) brings his router in a cafe and sets it up so that potential customers would consider it the real cafe\u2019s access point. Essentially, it is like attaching a skimmer to an ATM.<\/p>\n

When referring to payment services you should check if there is secure connection: for example, whether the https protocol or just http is used, and in the latter case you certainly see a fake page. Even if it looks identical and you think that the web-address in the bar is correct.\u00a0In general, when connecting to a payment or a banking online service you need to take into account such a great number of possible traps that an average user will find it hard to keep them all in mind.<\/p>\n

Therefore, we have developed Safe Money<\/a> \u2013 the online transaction security technology. It is available as a part of security packages for home users Kaspersky Internet Security<\/a> and Kaspersky PURE<\/a>. A key feature of the technology is that it was developed on the account of fraudulent techniques used by hackers attacking the users of online banking and shops.\u00a0In particular, the technology prevents executing any potentially dangerous code in the browser, thus protecting the user from XSS attacks and attempts to automatically download malware from infected sites. In addition, the technology checks the legitimacy of the site to which the user is trying to log on with the help of the regularly updated database of trusted websites and phishing URLs. At the same time the integrated heuristics mechanism helps Kaspersky Lab software effectively detect malicious links before they are even included in the database.<\/p>\n

In our unsafe networked world the use of specialized solutions for online payment protection seems quite adequate. It is much easier to activate a special mode for such cases (now that for many sites the Safe Money mode is triggered automatically), than to recollect all the necessary safety precautions before every transaction \u2013 just like pilots refer to their preflight checklists. Pilots do not have the right or ability to get along without reference, but the users of payment services are not required to hold their breaths every time they perform online transactions.\u00a0Kaspersky Lab believes that users should be protected from threats at any instance of their work online. However, when it comes to real money, protection should be the maximum, so that the user should be aware that his or her money would not disappear, and the snitchers would abhor their choice of \u201cprofession\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"

You do not often read \u201crepentance\u201d articles in the media when authors describe as they did something evidently stupid and paid for it. Last year one such piece was published<\/p>\n","protected":false},"author":53,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[79,76,179],"class_list":{"0":"post-871","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-business","7":"category-smb","8":"tag-online-banking","9":"tag-phishing","10":"tag-safe-money"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/protection-from-banking-phishers\/871\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/protection-from-banking-phishers\/871\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/protection-from-banking-phishers\/871\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/online-banking\/","name":"online banking"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=871"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/871\/revisions"}],"predecessor-version":[{"id":32827,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/871\/revisions\/32827"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}